psesecurityenginefactory.java

jxta平台的开发包

/************************************************************************
 *
 * $Id: PSESecurityEngineFactory.java,v 1.2 2006/03/01 23:14:27 bondolo Exp $
 *
 * Copyright (c) 2001 Sun Microsystems, Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *       Sun Microsystems, Inc. for Project JXTA."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
 *    must not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact Project JXTA at http://www.jxta.org.
 *
 * 5. Products derived from this software may not be called "JXTA",
 *    nor may "JXTA" appear in their name, without prior written
 *    permission of Sun.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL SUN MICROSYSTEMS OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of Project JXTA.  For more
 * information on Project JXTA, please see
 * <http://www.jxta.org/>.
 *
 * This license is based on the BSD license adopted by the Apache Foundation.
 *********************************************************************************/

package net.jxta.impl.membership.pse;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.SignatureException;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;

import net.jxta.document.Advertisement;
import net.jxta.id.ID;
import net.jxta.peergroup.PeerGroup;
import net.jxta.exception.PeerGroupException;
import net.jxta.impl.protocol.PSEConfigAdv;

import net.jxta.impl.membership.pse.PSEUtils.IssuerInfo;

/**
 *  A factory for PSE Security Engines.
 *
 * @see PSEPeerSecurityEngine
 */
public abstract class PSESecurityEngineFactory {
    
    private static PSESecurityEngineFactory defaultSecurityEngine = null;
    
    /**
     *  Set the default PSESecurityEngineFactoryss
     **/
    public static void setPSESecurityEngineManager(PSESecurityEngineFactory newSecurityEngine) {
        synchronized( PSESecurityEngineFactory.class ) {
            defaultSecurityEngine = newSecurityEngine;
        }
    }
    
    /**
     *   Returns the default Security Engine Factory.
     *
     *   @return The current default Security Engine Factory.
     **/
    public static PSESecurityEngineFactory getDefault() {
        synchronized( PSESecurityEngineFactory.class ) {
            if (defaultSecurityEngine == null) {
                defaultSecurityEngine = new PSESecurityEngineDefaultFactory();
            }
            
            return defaultSecurityEngine;
        }
    }
    
    /**
     *   Creates a new Peer Security Engine instance based upon the context and configuration.sss
     *
     *   @param service  The service that this keystore manager will be working for.
     *   @param config   The configuration parameters.
     **/
    public abstract PSEPeerSecurityEngine getInstance(PSEMembershipService service, PSEConfigAdv config) throws PeerGroupException;
    
    /**
     *   Default implementation which provides the default behaviour (which is to do nothing).
     **/
    private static class PSESecurityEngineDefaultFactory extends PSESecurityEngineFactory {
        public PSEPeerSecurityEngine getInstance(PSEMembershipService service, PSEConfigAdv config) throws PeerGroupException {
            return new PSEPeerSecurityEngineDefault();
        }
    }
    
    /**
     *   Default implementation which provides the default behaviour.
     **/
    private static class PSEPeerSecurityEngineDefault implements PSEPeerSecurityEngine {

        /**
         *  Log4J Logger
         **/
        private static final Logger LOG = Logger.getLogger(PSEPeerSecurityEngineDefault.class.getName());
        
        /**
         *   {@inheritDoc}
         **/
        public byte[] sign(String algorithm, PSECredential credential, InputStream bis)  throws InvalidKeyException, SignatureException, IOException {
            
            if( null == algorithm ) {
                algorithm = getSignatureAlgorithm();
            }
            
            return PSEUtils.computeSignature( algorithm, credential.getPrivateKey(), bis );
        }
        
        /**
         *   {@inheritDoc}
         **/
        public boolean verify(String algorithm, PSECredential credential, byte[] signature, InputStream bis) throws InvalidKeyException, SignatureException, IOException {
            if( null == algorithm ) {
                algorithm = getSignatureAlgorithm();
            }
            
            return PSEUtils.verifySignature( algorithm, credential.getCertificate(), signature, bis);
        }
        
        /**
         *   {@inheritDoc}
         **/
        public IssuerInfo generateCertificate( PSECredential credential ) throws SecurityException {
            
            // we need a new cert.
            IssuerInfo info = new IssuerInfo();
            
            info.cert = (X509Certificate) credential.getCertificate();
            info.subjectPkey = credential.getPrivateKey();
            String cname = PSEUtils.getCertSubjectCName(info.cert);
            
            if (null != cname) {
                // remove the -CA which is common to ca root certs.
                if (cname.endsWith("-CA")) {
                    cname = cname.substring(0, cname.length() - 3);
                }
            }
            
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Generating new service cert for '" + cname + "'");
            }
            
            // generate the service cert and private key
            IssuerInfo serviceinfo = PSEUtils.genCert(cname, info);
            //IssuerInfo serviceinfo = membership.genCert( cname, info, "SHA1withRSA" );
            
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Generated new service cert for '" + cname + "'");
            }
            
            return serviceinfo;
        }
        
        /**
         *   {@inheritDoc}
         **/
        public String getSignatureAlgorithm() {
            return "SHA1withRSA";
        }
    }
}